DYNAMICAL FAMILIES OF QUADRATIC POLYNOMIALS IN FINITE FIELDS OF CHARACTERISTIC TWO

ERIC BACH AND ANDREW BRIDY

Abstract. Let $k = \mathbb{F}_{2^n}$. Let $f(x) = \alpha x^2 + \beta x + \gamma$ be a map from $k$ to itself with $\alpha, \beta, \gamma \in k$, $\alpha \neq 0$. We show that $f$ is conjugate by a linear polynomial in $k[x]$ to a map in one of two one-parameter families. We then show that the number of equivalence classes of these $f$ under conjugation by any permutation of $k$ is $2^{O(n/\log\log n)}$. In doing so we prove a more general result about affine-linear maps on finite dimensional vector spaces over finite fields.

1. Introduction and Change of Variables

Let $k$ be the field $\mathbb{F}_q$. We study the dynamical behavior of quadratic polynomial maps from $k$ to $k$. If $q$ is odd, any quadratic polynomial can be put in the form $x^2 + c$ by completing the square (via conjugation by a linear polynomial in $k[x]$) [18]. If $q$ is even, one cannot complete the square. In this case the corresponding result is the following:



Theorem 1. Let $k = \mathbb{F}_{2^n}$, and let $f : k \to k$ be defined by
$$f(x) = \alpha x^2 + \beta x + \gamma$$
where $f(x) \in k[x]$, $\alpha \neq 0$. Fix any $\zeta \in k$ of absolute trace 1. Then there exists $\psi(x) = ax + b \in k[x]$ such that $(\psi^{-1} f \psi)(x)$ equals one of the following:

(1) $x^2 + \beta x$

(2) $x^2 + \beta x + (\beta^2 + 1)\zeta$

Moreover, no two distinct maps among those in families (1) and (2) are conjugate by a linear polynomial in $k[x]$.

Proof. First we scale $\alpha$ to be 1. Let $\phi(x) = \alpha^{-1} x$. Then
$$(\phi^{-1} f \phi)(x) = x^2 + \beta x + \alpha\gamma.$$
Now let $\psi(x) = \phi \circ (x + c)$ for some $c$ to be determined. Then
$$(\psi^{-1} f \psi)(x) = x^2 + \beta x + c^2 + (\beta + 1)c + \alpha\gamma.$$
If we can find a $c$ such that $c^2 + (\beta + 1)c + \alpha\gamma = 0$ then our map is of the form (1). First assume $\beta \neq 1$ and let $y = \frac{c}{\beta + 1}$. We want
$$(y^2 + y)(\beta^2 + 1) = \alpha\gamma,$$
which we write as
$$\sigma(y) - y = \frac{\alpha\gamma}{\beta^2 + 1},$$
where $\sigma : x \mapsto x^2$ is the Frobenius automorphism. By the additive version of Hilbert's Theorem 90 [8], there exists a solution if and only if $\operatorname{tr}\bigl(\frac{\alpha\gamma}{\beta^2 + 1}\bigr) = 0$, where $\operatorname{tr}$ denotes the absolute trace.

Suppose instead that $\operatorname{tr}\bigl(\frac{\alpha\gamma}{\beta^2 + 1}\bigr) = 1$. Pick any $\zeta \in k$ of trace 1. Then $\operatorname{tr}\bigl(\frac{\alpha\gamma}{\beta^2 + 1} + \zeta\bigr) = 0$, so there exists $y$ such that $y^2 + y = \frac{\alpha\gamma}{\beta^2 + 1} + \zeta$. Therefore $c^2 + (\beta + 1)c + \alpha\gamma = (\beta^2 + 1)\zeta$ and our map is of the form (2).

If $\beta = 1$, then $(\psi^{-1} f \psi)(x) = x^2 + x + c^2 + \alpha\gamma$, and we choose $c$ such that $c^2 = \alpha\gamma$ and $(\psi^{-1} f \psi)(x) = x^2 + x$. The map $x \mapsto x^2 + x$ lies in both families (1) and (2).

Uniqueness is immediate. The above trace condition shows that with the exception of the case when $\beta = 1$, no map in family (1) is conjugate to a map in family (2) by any $\psi(x) = ax + b$. Within each family, each map is uniquely parametrized by $\beta$, and a conjugation by $ax + b$ does not change $\beta$. □

Theorem 1 shows that, up to conjugation by a linear polynomial in $k[x]$, there exist two one-parameter families of quadratic polynomial maps from $\mathbb{F}_{2^n}$ to itself. This can be thought of as a kind of moduli space for quadratic maps, given explicitly by the intersecting curves $(1, \beta, 0)$ and $(1, \beta, (\beta^2 + 1)\zeta)$ in $\mathbb{A}^3_k$.

Remark 2. If we allow conjugation by linear polynomials in $\bar{k}[x]$, every quadratic map lands in family (1). In other words, each type (2) map has a nontrivial $\bar{k}/k$ twist of type (1) as defined in [16]. However, for our purposes we will not extend the field $k$. One reason for staying in $k[x]$ is the following. If a quadratic map is used in a practical situation, such as part of a pseudo-random generator, we may not be free to change the field of definition. For example, in choosing $k$ for use in a mobile device, there are often severe performance constraints, leading us to want $k$ to be as small as possible.

It may occur that two quadratic maps from $k$ to $k$ are conjugate by a map other than a linear polynomial. We make the following definition.

Definition 3. For a set $X$, two functions $f, g : X \to X$ are dynamically equivalent if there exists a bijection $\sigma : X \to X$ such that $f = \sigma^{-1} g \sigma$.

Dynamical equivalence of two maps means that they induce the same dynamics on $X$ up to a relabeling of its elements. It is easy to check that dynamical equivalence is an equivalence relation. Let $D(n)$ denote the number of dynamical equivalence classes of the set of quadratic polynomial mappings from $k$ to $k$ with coefficients in $k$. Our problem is to estimate $D(n)$. It follows from Theorem 1 that $D(n) \le 2^{n+1}$, but this is far from optimal. We will show the following:

Theorem 4. $D(n) = 2^{O(n/\log\log n)}$.

2. Preliminary estimates for $D(n)$

First we note that the maps in family (1) are never dynamically equivalent to maps in family (2), with the exception of $x \mapsto x^2 + x$, which lies in both. The map $f(x) = x^2 + \beta x$ has two fixed points (namely, $0$ and $\beta + 1$) but the map $g(x) = x^2 + \beta x + (\beta^2 + 1)\zeta$ has none unless $\beta = 1$, because if $g(x) = x$ for some $x \in k$, then
$$x^2 + (\beta + 1)x + (\beta^2 + 1)\zeta = 0.$$
Using the change of variables $y = \frac{x}{\beta + 1}$ again,
$$(y^2 + y + \zeta)(\beta^2 + 1) = 0.$$
But $y^2 + y + \zeta = 0$ has no solution in $k$ as $\operatorname{tr}(\zeta) = 1$, so $g$ only has a fixed point when $\beta^2 + 1 = 0$, i.e. $\beta = 1$ and $g(x) = x^2 + x$.

In Theorem 1 we only allowed conjugation by the subgroup of those permutations of $\mathbb{F}_{2^n}$ that can be represented as $\psi(x) = ax + b$ with $a, b \in k$. We now allow any permutation in the subgroup generated by these maps and by the Frobenius $\sigma : x \mapsto x^2$. This yields the following:

Corollary 5. $D(n) \le 2G(n) - 1$, where $G(n) = \frac{1}{n}\bigl(2^n + O(2^{n/2})\bigr)$ is the number of orbits of the action of $\operatorname{Gal}(k/\mathbb{F}_2)$ on $k$.

Proof. By Theorem 1 every quadratic polynomial over $k$ is equivalent to one of the form $f(x) = x^2 + \beta x$ or $g(x) = x^2 + \beta x + (\beta^2 + 1)\zeta$. Let $\sigma(x) = x^2$ be the Frobenius, which generates $\operatorname{Gal}(k/\mathbb{F}_2)$, and let $\psi(x) = x + \zeta(\sigma(\beta) + 1)$. We compute
$$(\sigma f \sigma^{-1})(x) = x^2 + \sigma(\beta) x$$
$$\bigl((\sigma^{-1}\psi)^{-1} g (\sigma^{-1}\psi)\bigr)(x) = x^2 + \sigma(\beta) x + (\sigma(\beta)^2 + 1)\zeta.$$
This shows that the dynamical equivalence class of $f(x)$ and $g(x)$ is unchanged by replacing $\beta$ by $\sigma(\beta)$, or by anything in the Galois orbit of $\beta$. The map $x \mapsto x^2 + x$ is the only one that lies in both families (1) and (2), giving the upper bound of $2G(n) - 1$. □
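The following is an added example and not part of the paper: a small Python implementation, over the constructed field $\mathbb{F}_{16} = \mathbb{F}_2[x]/(x^4 + x + 1)$, of the change of variables in the proof of Theorem 1, of the fixed-point test that separates the two families in Section 2, and of the orbit count $G(n)$ of Corollary 5. It verifies, by evaluating the maps on every element of the field, that the computed $\psi(x) = ax + b$ really conjugates $\alpha x^2 + \beta x + \gamma$ to its normal form. The modulus, the field size and all function names are choices made for this example.

```python
# Added example: Theorem 1 over a constructed field F_16 = F_2[x]/(x^4 + x + 1).
# Field elements are 4-bit integers, bit i being the coefficient of x^i.
N = 4
MOD = 0b10011          # x^4 + x + 1, irreducible over F_2 (chosen for this example)
Q = 1 << N             # |k| = 2^N


def gf_mul(a, b):
    """Product of two field elements (polynomial product reduced mod MOD)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & Q:
            a ^= MOD
    return r


def gf_inv(a):
    """a^{-1} = a^(2^N - 2) for a != 0."""
    r, e = 1, Q - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_sqrt(a):
    """Squaring is a bijection in characteristic 2; its inverse is a^(2^(N-1))."""
    for _ in range(N - 1):
        a = gf_mul(a, a)
    return a


def trace(a):
    """Absolute trace a + a^2 + ... + a^(2^(N-1)); the result is 0 or 1."""
    t, p = 0, a
    for _ in range(N):
        t ^= p
        p = gf_mul(p, p)
    return t


def solve_artin_schreier(t):
    """y with y^2 + y = t, which exists iff trace(t) == 0 (additive Hilbert 90)."""
    for y in range(Q):                     # brute force: the field is tiny
        if gf_mul(y, y) ^ y == t:
            return y
    return None


def quad_table(alpha, beta, gamma):
    """The map x -> alpha x^2 + beta x + gamma as a lookup table over k."""
    return tuple(gf_mul(alpha, gf_mul(x, x)) ^ gf_mul(beta, x) ^ gamma for x in range(Q))


def conjugate(tab, a, b):
    """Table of psi^{-1} o f o psi for psi(x) = a x + b with a != 0."""
    ainv = gf_inv(a)
    return tuple(gf_mul(ainv, tab[gf_mul(a, x) ^ b] ^ b) for x in range(Q))


def normal_form(alpha, beta, gamma, zeta):
    """Follow the proof of Theorem 1. Returns ((a, b), (family, const)) such that
    psi(x) = a x + b conjugates alpha x^2 + beta x + gamma to x^2 + beta x + const."""
    assert alpha != 0 and trace(zeta) == 1
    ainv = gf_inv(alpha)                   # phi(x) = alpha^{-1} x makes the map monic
    ag = gf_mul(alpha, gamma)              # constant term after scaling is alpha*gamma
    if beta == 1:
        c, family, const = gf_sqrt(ag), 1, 0   # c^2 = alpha*gamma removes the constant
    else:
        b2p1 = gf_mul(beta, beta) ^ 1      # beta^2 + 1
        t = gf_mul(ag, gf_inv(b2p1))       # alpha*gamma / (beta^2 + 1)
        if trace(t) == 0:                  # y^2 + y = t is solvable: family (1)
            y, family, const = solve_artin_schreier(t), 1, 0
        else:                              # shift by zeta to kill the trace: family (2)
            y, family, const = solve_artin_schreier(t ^ zeta), 2, gf_mul(b2p1, zeta)
        c = gf_mul(y, beta ^ 1)            # y = c / (beta + 1)
    return (ainv, gf_mul(ainv, c)), (family, const)


def check_theorem1(alpha, beta, gamma, zeta):
    """True iff the computed psi conjugates f to the claimed normal form."""
    (a, b), (family, const) = normal_form(alpha, beta, gamma, zeta)
    return conjugate(quad_table(alpha, beta, gamma), a, b) == quad_table(1, beta, const)


def fixed_points(tab):
    return [x for x in range(Q) if tab[x] == x]


def cycle_lengths(tab):
    """Sorted cycle lengths of the functional graph, an invariant of dynamical equivalence."""
    seen, lengths = set(), []
    for x in range(Q):
        y = x
        for _ in range(Q):                 # after |k| steps y lies on a cycle
            y = tab[y]
        if y in seen:
            continue
        length, z = 1, tab[y]
        while z != y:
            seen.add(z)
            z = tab[z]
            length += 1
        seen.add(y)
        lengths.append(length)
    return sorted(lengths)


def galois_orbit_count():
    """G(N): number of orbits of the Frobenius x -> x^2 on k (Corollary 5)."""
    seen, count = set(), 0
    for x in range(Q):
        if x in seen:
            continue
        count += 1
        while x not in seen:
            seen.add(x)
            x = gf_mul(x, x)
    return count


if __name__ == "__main__":
    zeta = next(z for z in range(Q) if trace(z) == 1)
    alpha, beta, gamma = 0b0011, 0b0101, 0b0111   # constructed sample coefficients
    (a, b), (family, const) = normal_form(alpha, beta, gamma, zeta)
    print("family", family, "psi =", (a, b), "verified:", check_theorem1(alpha, beta, gamma, zeta))
    print("fixed points, family (1):", fixed_points(quad_table(1, beta, 0)))
    print("fixed points, family (2):", fixed_points(quad_table(1, beta, gf_mul(gf_mul(beta, beta) ^ 1, zeta))))
    print("G(%d) =" % N, galois_orbit_count())
```

The trace and the Artin-Schreier solver are what Hilbert 90 reduces the question to; over a field this small a linear search for $y$ is enough, and `check_theorem1` confirms the conjugation pointwise rather than trusting the algebra. `cycle_lengths` is only a necessary condition for dynamical equivalence (the trees hanging off the cycles matter too), but it already shows the conjugate maps share their cycle structure, while the fixed-point counts separate family (1) from family (2) for $\beta \neq 1$ as in Section 2.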

3. Affine-Linear Dynamics on $(\mathbb{F}_q)^n$

To prove Theorem 4 we use linear algebra. Quadratic polynomial maps from $k$ to itself are affine-linear maps of $k$ as an $\mathbb{F}_2$-vector space. Proposition 9 decomposes such a map into a linear map and an affine map whose dynamical equivalence class is determined by an integer partition, then Proposition 11 gives a sufficient condition for dynamical equivalence of linear maps that depends on the factorization of their characteristic polynomials. Counting characteristic polynomials yields Theorem 13, which is an upper bound on the number of dynamical equivalence classes of affine-linear maps of $(\mathbb{F}_q)^n$.

The following useful definition is taken from [11] and will play a crucial role in our counting argument.

Definition 6. The order of $f \in \mathbb{F}_q[x]$ with $f(0) \neq 0$ is the smallest positive $n$ such that $f \mid x^n - 1$. We write $\operatorname{ord} f$ for the order of $f$.

Proposition 7. Let $O_q(k)$ be the number of integers that occur as orders of irreducible polynomials over $\mathbb{F}_q$ of degree $k$. Then
$$O_q(k) = \sum_{d \mid k} \tau(q^d - 1)\,\mu(k/d).$$

Proof. For $f \in \mathbb{F}_q[x]$ irreducible of degree $k$ with $f(0) \neq 0$, it is easy to show that $\operatorname{ord} f$ is the multiplicative order of the element $[x]$ in the field $\mathbb{F}_q[x]/(f) = \mathbb{F}_{q^k}$ [11]. Each nonzero $a \in \mathbb{F}_{q^k}$ has an irreducible minimal polynomial over $\mathbb{F}_q$ of degree dividing $k$, and the order of this polynomial is the multiplicative order of $a$. All divisors of $|\mathbb{F}_{q^k}^*| = q^k - 1$ occur as multiplicative orders of some $a \in \mathbb{F}_{q^k}$, and all irreducible polynomials over $\mathbb{F}_q$ of degree dividing $k$ split in $\mathbb{F}_{q^k}$, so this proves
$$\sum_{d \mid k} O_q(d) = \tau(q^k - 1)$$
and the proposition follows by Möbius inversion. □

Lemma 8. Let $V$ and $W$ be vector spaces, and let the pairs of linear maps $A, B : V \to V$ and $C, D : W \to W$ be dynamically equivalent, that is, $A = \phi^{-1} B \phi$ and $C = \psi^{-1} D \psi$ for some bijections $\phi : V \to V$ and $\psi : W \to W$. Then $M = A \oplus C$ and $N = B \oplus D$ are dynamically equivalent linear maps from $V \oplus W$ to itself.

Proof. Define $\theta : V \oplus W \to V \oplus W$ as $\phi$ on $V$ and $\psi$ on $W$, extending linearly to $V \oplus W$. Then $M = \theta^{-1} N \theta$. □
Proposition 9. Let $V$ be a finite dimensional vector space over $\mathbb{F}_q$. Let $T : V \to V$ be defined as $Tx = Ax + b$, where $A : V \to V$ is linear and $b \in V$. If there exists $s \in V$ such that $Ts = s$, then $T$ is dynamically equivalent to $A$. If no such $s$ exists, then there is a direct sum decomposition $V = V_1 \oplus V_2$, $T = T_1 \oplus T_2$, $T_1 x = A_1 x + b_1$ and $T_2 x = A_2 x + b_2$, such that

(1) There exists some $s \in V_2$ with $T_2 s = s$, so $T_2$ is dynamically equivalent to $A_2$.

(2) There exists a direct sum decomposition $V_1 = W_1 \oplus \cdots \oplus W_k$, with $T_1 = S_1 \oplus \cdots \oplus S_k$, $S_i : W_i \to W_i$ affine-linear, such that the dynamical equivalence class of $S_i$ is determined entirely by the $\dim W_i$, which form a partition of $\dim V_1$.

Proof. This is proved in [18], where the notion of an identical transition graph is the same as ours of dynamical equivalence. There it is shown that, if we let $t_i = \dim W_i$, each $S_i$ induces $q^{t_i}/\operatorname{ord}(x-1)^{t_i+1}$ cycles of length $\operatorname{ord}(x-1)^{t_i+1}$ on $W_i$. By Lemma 8 the set $\{\dim W_i\}$ determines the dynamical equivalence class of $T_1$. See [5] for more about transition graphs of linear maps of vector spaces over finite fields. □

Lemma 10. Let $V$ be a finite dimensional $\mathbb{F}_q$-vector space. Let the linear map $A : V \to V$ have characteristic polynomial $f^r$, where $f$ is irreducible over $\mathbb{F}_q$ and $f(0) \neq 0$. The dynamical equivalence class of $A$ is determined by $\deg f$, $\operatorname{ord} f$, and an integer partition of $r$.

Proof. There exist direct sum decompositions $V = V_1 \oplus \cdots \oplus V_m$ and $A = A_1 \oplus \cdots \oplus A_m$ such that in some basis of each $V_i$, $A_i : V_i \to V_i$ can be written as the companion matrix of $f^{\lambda_i}$ for some $\lambda_i$, and $\sum \lambda_i = r$.

The orbits in $V_i$ under the map $A_i$ are cycles that correspond to all linearly recurrent sequences over $\mathbb{F}_q$ with characteristic polynomial $f^{\lambda_i}$, and the lengths of the cycles are the periods of these sequences [11]. The integers that occur as periods of these sequences and the number of sequences with each period can be explicitly computed from the data $\operatorname{ord} f$, $\deg f$, and $\lambda_i$ [11, Theorem 6.63]. This determines the dynamical equivalence class of each $A_i$, and by Lemma 8 the dynamical equivalence class of $A$. □

Proposition 11. Let $V$ be a finite dimensional vector space over $\mathbb{F}_q$ and let $A : V \to V$ be a linear map. Let $p \in \mathbb{F}_q[x]$ be the characteristic polynomial of $A$ and write its factorization into irreducibles as
$$p = x^{r_0} \prod_{i=1}^{m} p_i^{r_i}$$
where the $p_i$ are distinct and no $p_i$ equals $x$. The dynamical equivalence class of $A$ is completely determined by an integer partition of each $r_i$ and two lists of $m$ positive integers: $\{\deg p_i\}$ and $\{\operatorname{ord} p_i\}$.

Proof. By the theory of the Jordan canonical form [6] there exist direct sum decompositions $A = A_0 \oplus \cdots \oplus A_m$ and $V = V_0 \oplus \cdots \oplus V_m$ where $A_i : V_i \to V_i$, the characteristic polynomial of $A_0$ is $x^{r_0}$, and the characteristic polynomial of $A_i$ is $p_i^{r_i}$ for $i \ge 1$. The Jordan form of the nilpotent map $A_0$ is specified by a partition of $r_0$ in which each part is the size of a Jordan block, so this partition determines the similarity class of $A_0$ and hence the dynamical equivalence class (if two linear maps are similar, they are dynamically equivalent).

Suppose that $\deg p_i$ and $\operatorname{ord} p_i$ are given for $i \ge 1$. Specifying a partition of each $r_i$ determines the dynamical equivalence class of each $A_i$ by Lemma 10, which in turn determines the dynamical equivalence class of $A$ by Lemma 8. □

Before proceeding with the proof of Theorem 13 we record a proposition that will be needed at a key moment in the counting argument.

Proposition 12. Let $i_q(n)$ denote the maximum possible number of distinct irreducible factors of a degree $n$ polynomial over $\mathbb{F}_q$. Then

Proof. For $q \ge 3$ it is proved in [9, Lemma A1] that

which immediately implies the proposition when $q \neq 2$. As we only require a weaker big-$O$ estimate, we present a simplified version of the proof in [9] which also works for $q = 2$.

For $f \in \mathbb{F}_q[x]$, let $\omega(f)$ denote the number of distinct irreducible factors of $f$. We construct $f$ such that $\omega(f) = i_q(n)$ by a greedy algorithm. That is, first multiply together all degree 1 irreducibles, then all degree 2 irreducibles, and so on, until multiplying $f$ by another irreducible would raise its degree higher than $n$. Then $\deg f \le n$ and no degree $n$ polynomials have more distinct irreducible factors than $f$.
It suffices to prove the proposition for polynomials of the form
$$f = g \prod_{\substack{p \text{ irreducible} \\ \deg p < k}} p$$
where $g$ is a product of $m$ irreducible polynomials of degree $k$, each of which appears with multiplicity 1. Let $I_q(j)$ denote the number of irreducible polynomials over $\mathbb{F}_q$ of degree $j$. We have

$$(3.1)\qquad \omega(f) = \sum_{j=1}^{k-1} I_q(j) + m$$
and
$$(3.2)\qquad \deg(f) = \sum_{j=1}^{k-1} j\, I_q(j) + mk \le n.$$
We now show that the inequality
$$(3.3)\qquad \sum_{j=1}^{k-1} j\, I_q(j) \ge \frac{k}{3} \sum_{j=1}^{k-1} I_q(j)$$
holds for large $k$. As $I_q(j) \le q^j/j$ [11] we have
$$\sum_{j=1}^{k-1} I_q(j) \le \sum_{j=1}^{k-1} \frac{q^j}{j} \le \sum_{1 \le j \le k/2} q^j + \frac{2}{k}\sum_{k/2 < j < k} q^j \le \frac{q^{k/2+1} - q}{q-1} + \frac{2q^{k+1} - 2q^{k/2}}{k(q-1)} < \frac{1}{q-1}\Bigl(q^{k/2+1} + \frac{2q^{k+1}}{k}\Bigr).$$



As $I_q(j) \ge q^j/j - q^{j/2+1}/(j(q-1))$ [11] we have
$$\frac{3}{k}\sum_{j=1}^{k-1} j\, I_q(j) \ge \frac{1}{q-1}\Bigl(\frac{3q^{k+1} - 3q}{k} - \frac{3q^{(k+1)/2+1} - 3q^{3/2}}{k(q-1)}\Bigr).$$



Therefore equation (3.3) holds if
$$q^{k/2+1} + \frac{2q^{k+1}}{k} \le \frac{3q^{k+1} - 3q}{k} - \frac{3q^{(k+1)/2+1} - 3q^{3/2}}{k(q-1)},$$
or equivalently
$$q^{k/2+1} + \frac{3q}{k} + \frac{3q^{(k+1)/2+1}}{k(q-1)} \le \frac{q^{k+1}}{k} + \frac{3q^{3/2}}{k(q-1)}.$$
Comparing powers of $q$ on both sides, it is clear that this inequality holds for large $k$.

Returning to equations (3.1) and (3.2), we use (3.3) to conclude
$$\omega(f) = \sum_{j=1}^{k-1} I_q(j) + m \le \frac{3}{k}\Bigl(\sum_{j=1}^{k-1} j\, I_q(j) + mk\Bigr) \le \frac{3n}{k}.$$
It only remains to show $k \ge C \log n$ for some $C$. By our construction of $f$, the largest that $n$ can be for a given $k$ occurs when $g$ is the product of all degree $k$ irreducible polynomials over $\mathbb{F}_q$. For this $g$, $n < k + \sum_{j=1}^{k} j\, I_q(j)$ because if $n$ exceeded this amount, we could add a degree $k+1$ irreducible factor to $f$. So
$$n < k + \sum_{j=1}^{k} j\, I_q(j) \le k + \sum_{j=1}^{k} q^j = k + \frac{q^{k+1} - q}{q - 1} \le k + q^{k+1}.$$
When $k$ is large, $k < q^{k+1}$. Recall that $q \ge 2$. These imply that $n < k + q^{k+1} < q^{k+2}$, so $\log_q(n) < k + 2$. For $n > q^4$,
$$k > \log_q(n) - 2 > \tfrac{1}{2}\log_q(n),$$
which completes the proof. □
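As an added example, not the paper's own code, the following Python script checks Proposition 7 and the greedy construction from the proof of Proposition 12 for $q = 2$ and small degrees. Polynomials over $\mathbb{F}_2$ are encoded as integers, the irreducibles are found by a sieve, $\operatorname{ord} f$ is computed directly from Definition 6, the formula $O_2(k) = \sum_{d \mid k} \tau(2^d - 1)\mu(k/d)$ is compared with a direct count of the distinct orders, and the greedy count is compared with $i_2(n)$ obtained by an exhaustive search over all polynomials of degree $n$. Function names and the degree bound 8 are this example's own choices.

```python
# Added example: polynomials over F_2 as Python ints (bit i = coefficient of x^i).
# Checks Proposition 7 and the greedy construction of Proposition 12 for q = 2.

def pmul(a, b):
    """Carry-less product of two polynomials over F_2."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pmod(a, m):
    """Remainder of a on division by m (m != 0), by repeated cancellation of the top term."""
    dm = m.bit_length() - 1
    while a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


def irreducibles(max_deg):
    """Irreducible polynomials over F_2 of each degree 1..max_deg, by sieving:
    f is irreducible iff no irreducible of degree <= deg(f)/2 divides it."""
    irr = {d: [] for d in range(1, max_deg + 1)}
    for f in range(2, 1 << (max_deg + 1)):
        d = f.bit_length() - 1
        if all(pmod(f, g) != 0 for e in range(1, d // 2 + 1) for g in irr[e]):
            irr[d].append(f)
    return irr


def order(f):
    """ord f (Definition 6): least n >= 1 with f | x^n - 1, for f(0) != 0.
    Found by multiplying x^n mod f by x until it returns to 1."""
    n, p = 1, pmod(0b10, f)            # 0b10 is the polynomial x
    while p != 1:
        p = pmod(p << 1, f)
        n += 1
    return n


def tau(n):
    """Number of divisors of n."""
    return sum(1 for d in range(1, n + 1) if n % d == 0)


def mobius(n):
    """Moebius function mu(n)."""
    result, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0
            result = -result
        p += 1
    return -result if n > 1 else result


def O2_formula(k):
    """Right-hand side of Proposition 7 with q = 2."""
    return sum(tau(2 ** d - 1) * mobius(k // d) for d in range(1, k + 1) if k % d == 0)


def O2_bruteforce(k, irr):
    """Number of distinct orders of degree-k irreducibles (x itself excluded, f(0) = 0)."""
    return len({order(f) for f in irr[k] if f & 1})


def greedy(n, irr):
    """Greedy construction from the proof of Proposition 12: multiply in all
    irreducibles of degree 1, then degree 2, ..., stopping when the next factor
    would push deg f above n. Returns (number of distinct factors, f)."""
    f, count = 1, 0
    for d in range(1, n + 1):
        for g in irr[d]:
            if (f.bit_length() - 1) + d > n:
                return count, f
            f = pmul(f, g)
            count += 1
    return count, f


def omega(f, irr):
    """Number of distinct irreducible factors of f, by trial division."""
    d = f.bit_length() - 1
    return sum(1 for e in range(1, d + 1) for g in irr[e] if pmod(f, g) == 0)


def i2_bruteforce(n, irr):
    """i_2(n): maximum of omega over all 2^n polynomials of degree exactly n."""
    return max(omega(f, irr) for f in range(1 << n, 1 << (n + 1)))


if __name__ == "__main__":
    irr = irreducibles(8)
    for k in range(1, 9):
        print("k =", k, " O_2(k) by formula:", O2_formula(k), " by direct count:", O2_bruteforce(k, irr))
    for n in range(1, 9):
        print("n =", n, " greedy:", greedy(n, irr)[0], " i_2(n) by search:", i2_bruteforce(n, irr))
```

The greedy polynomial may have degree below $n$; padding it with a power of $x$ (already one of its factors) brings the degree up to $n$ without changing $\omega$, which is why comparing against polynomials of degree exactly $n$ is the right check. The degree bound is kept at 8 so that the exhaustive search, $2^n$ polynomials each trial-divided by every irreducible of degree at most $n$, stays fast.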

We now combine Propositions 9 and 11 to give an upper bound on the number of dynamical equivalence classes of affine-linear maps from $(\mathbb{F}_q)^n$ to itself. The upper bound on dynamical equivalence classes of quadratic polynomial maps on $\mathbb{F}_{2^n}$ will be an immediate corollary.

Theorem 13. Let $V = (\mathbb{F}_q)^n$. Let $E(n)$ denote the number of dynamical equivalence classes of affine-linear maps from $V$ to itself. Then
$$E(n) = \exp\Bigl(O\Bigl(\frac{n}{\log\log n}\Bigr)\Bigr).$$

Remark 14. The upper bound on $E(n)$ in Theorem 13 depends on the existence of nonlinear conjugacies between affine-linear maps. Compare this bound with the well-known fact that the number of conjugacy classes in $\operatorname{GL}(n, q)$ is $q^n + O(q^{n/2})$ [17].

Proof. Let $Tx = Ax + b$ be an affine-linear map from $V$ to itself, where $A$ is linear and $b \in V$. By Proposition 9, $V = V_1 \oplus V_2$ and $T = T_1 \oplus T_2$ such that the dynamical equivalence class of $T_1$ is determined by a partition of $\dim V_1$ and $T_2$ is equivalent to a linear map $A_2$. (It may be the case that $V_1 = 0$ and $T_1 = 0$.) Let
$$p = x^{r_0} \prod_{i=1}^{m} p_i^{r_i}$$
be the characteristic polynomial of $A_2$. Note that $\deg p \le n$. By Proposition 11 the dynamical equivalence class of $A_2$ is determined by a partition of each $r_i$ and the two lists of $m$ integers $\{\deg p_i\}$ and $\{\operatorname{ord} p_i\}$. We estimate the number of ways of specifying these data. Assume for the moment that the $\deg p_i$ and the partitions of the $r_i$ are given and that we need to assign orders to the $p_i$.

Let $d_i = \deg p_i$. By Proposition 7, the number of possible ways to assign the $\operatorname{ord} p_i$ is
$$\prod_{i=1}^{m} O_q(d_i) \le \prod_{i=1}^{m} \tau(q^{d_i} - 1).$$

We split this into two products over the ranges $d_i < d$ and $d_i \ge d$ for some $d$ to be chosen later. First we estimate the quantity
$$C_1 = \prod_{d_i < d} \tau(q^{d_i} - 1).$$
Using the trivial estimate $\tau(x) \le x + 1$,
$$C_1 \le \prod_{d_i < d} q^{d_i}.$$
Each $d_i$ is the degree of a distinct irreducible polynomial over $\mathbb{F}_q$. As in the proof of Proposition 12, $I_q(k) \le \frac{q^k}{k}$, so
$$\sum_{d_i < d} d_i \le \sum_{k=1}^{d-1} k\, I_q(k) \le \sum_{k=1}^{d-1} q^k \le q^d.$$
Therefore $C_1 \le q^{q^d}$.
Now we estimate
$$C_2 = \prod_{d_i \ge d} \tau(q^{d_i} - 1).$$
By the estimate on $\tau(x)$ in [Theorem 8.8.9], there exists $c$ such that
$$\tau(q^{d_i} - 1) \le 2^{\,c\log(q^{d_i} - 1)/\log\log(q^{d_i} - 1)}.$$
This implies
$$C_2 \le \prod_{d_i \ge d} 2^{\,c\,d_i \log q/\log\log(q^{d} - 1)} \le 2^{\,c\log q \sum_{d_i \ge d} d_i/\log\log q^{d-1}},$$
where we use the inequality $q^d - 1 \ge q^{d-1}$, which is true for $q \ge 2$ and $d \ge 1$. Also, $\sum_{d_i \ge d} d_i \le n$, so
$$C_2 \le 2^{\,c(\log q)n/(\log(d-1) + \log\log q)}.$$
Putting these estimates together we have
$$\prod_{i=1}^{m} \tau(q^{d_i} - 1) = C_1 C_2 \le \exp\Bigl(q^d \log q + \log 2 \cdot \frac{c(\log q)n}{\log(d-1) + \log\log q}\Bigr).$$
Choose $d = \frac{1}{2}\log_q n$ and note $\log(d-1) \ge \log(d/2)$ for $d > 1$. Then
$$q^d \log q + \log 2 \cdot \frac{c(\log q)n}{\log(d-1) + \log\log q} \le n^{1/2}\log q + \frac{c\,n \log 2 \log q}{\log\bigl(\frac{\log n}{4\log q}\bigr) + \log\log q} = O\Bigl(\frac{n}{\log\log n}\Bigr).$$

Now we estimate the number of ways that the $r_i$ and $\deg p_i$ can occur. Because $\sum_{i=1}^{m} r_i \deg p_i = \dim V_2$, the $\deg p_i$ form a partition of $\dim V_2$ in which each appears $r_i$ times. This is a "factorization pattern" of $\dim V_2$ as in [7] which is specified by first picking a partition of $\dim V_2$ into parts of size $k$, each of which occurs $s_k$ times, and then further dividing each $s_k$ into parts $r_i$. Let $b(n)$ denote the number of factorization patterns of $n$. It is mentioned in [1] and proved in [13] that
$$b(n) = \exp\bigl(B\sqrt{n\log n} + O(\sqrt{n})\bigr).$$

Finally, we need to choose a partition of each $r_i$ and a dynamical equivalence class for $T_1$ given by a partition of $\dim V_1$. If $P(x)$ denotes the partition function, we have $P(x) \le \exp(K\sqrt{x})$ [2]. The number of ways to specify all these partitions is
$$P(\dim V_1)\prod_{i=0}^{m} P(r_i) \le P(n)\exp\Bigl(K\sum_{i=0}^{m}\sqrt{r_i}\Bigr) \le \exp\Bigl(K\sqrt{n} + K\sqrt{m+1}\,\sqrt{\textstyle\sum_{i=0}^{m} r_i}\Bigr) \le \exp\bigl(K\sqrt{n}\,(1 + \sqrt{m+1})\bigr)$$
$$= \exp\Bigl(K\sqrt{n}\Bigl(1 + \sqrt{O\Bigl(\frac{n}{\log n}\Bigr)}\Bigr)\Bigr) = \exp\Bigl(O\Bigl(\frac{n}{\sqrt{\log n}}\Bigr)\Bigr).$$
The inequality $\sum_{i=0}^{m}\sqrt{r_i} \le \sqrt{m+1}\,\sqrt{\sum_{i=0}^{m} r_i}$ follows from the standard fact that the arithmetic mean of the $\sqrt{r_i}$ is at most the root mean square, and $m+1$ is the number of distinct irreducible factors of $p$, so $m + 1 = O(n/\log n)$ by Proposition 12.
Putting this all together, the number of ways to choose dynamical equivalence classes for $T_1$ and $T_2$, and therefore a dynamical equivalence class for $T$ by Lemma 8, is at most
$$\exp\Bigl(O\Bigl(\frac{n}{\sqrt{\log n}}\Bigr)\Bigr)\exp\Bigl(O\Bigl(\frac{n}{\log\log n}\Bigr)\Bigr) = \exp\Bigl(O\Bigl(\frac{n}{\log\log n}\Bigr)\Bigr),$$
which completes the proof. Theorem 4 follows immediately. □

Remark 15. It seems possible that the estimates in Theorem 13 could be improved. The main estimate used for $\tau(q^d - 1)$ is the worst-case estimate on $\tau(x)$ that follows from the prime number theorem. It may be possible to give a better estimate based on the distribution of multiplicative orders of $q$ modulo various integers $n$. (If $n$ divides $q^d - 1$, then $d$ is a multiple of the multiplicative order of $q$ mod $n$.) Questions along these lines tend to be difficult, even for $q = 2$. See [3], [10], [12], [14], and [15] for some related work.